When people delete something from Instagram, they expect that it would be gone forever. However, it looks like that may not be the case. Especially after a security researcher, Saugat Pokharel discovered that more than a year old data existed on the photo-sharing app’s servers.
The researcher had asked Instagram for some photos and direct messages when he received some of them, which he had removed from his account more than a year ago. It made it quite clear that the deleted information still existed on Instagram’s servers, and they were never removed from there.
Instagram admitted that this was indeed an error that was occurring owing to a defect in its system. This issue has been looked into now. Pokharel has bagged a $6000 bug bounty for reporting this issue. According to TechCrunch, the problem was highlighted by Pokharel sometime in October last year, and it has been sorted out a few days back.
A spokesperson from Instagram provided a statement to TechCrunch saying that “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”
So far, there is no clarity on how grave this issue was and whether it affected a large number of users or only a portion of them. However, this problem is not something very new. Whenever users erase their data from these online servers, there is usually some time before the data is finally gone from the servers of these networking sites. In the case of Instagram, the data completely vanishes from the servers after 90 days. Security researchers have highlighted issues of this sort earlier too. For instance, this kind of problem persisted with Twitter also, which had kept deleted messages on its servers for several years.
Instagram’s issue came to light co-incidentally as Pokharel was able to download his information from the photo-sharing app since it had that option. Back in 2018, Instagram had launched this download tool so that it could abide by the data privacy GDPR put forth by the EU.
GDPR requires that every EU citizen ought to get access to their data as and when demanded by them. Citizens can request for their personal data that has been stored by a company. They are bound to receive this requested information after a specific amount of time.
Previously, this “Right to Access” was tested on four major tech-giants, namely – Apple, Amazon, Facebook, and Google. In all of these cases, it was observed that although these firms did provide raw data, it was quite a challenging scenario in getting to understand them. The information was presented in a manner that was quite difficult to comprehend. However, it looks like Instagram sorts out the user data in a much more straightforward way such that the user can easily understand it.
The downloading data option looks to be the simplest method to determine if companies have been retaining user data on their servers even after they have been deleted long back.
Image source: TheVerge